wiki:faq/security/fingerprints

Version 19 (modified by Jamie McClelland, 3 years ago) (diff)

--

What's a Fingerprint?

The first time you connect to one of our servers using an ssh-based connection (either via SFTP or ssh), your client program should warn you that you are connecting to a server that you have never connected to before. This warning is important! You do not want to risk connecting to the wrong server, because you will essentially be handing this server your username and password.

With the ssh protocol, servers are identified by "fingerprints." Fingerprints are extremely difficult to forge, so if your program reports that the server you are connecting to has a fingerprint that matches the true fingerprint of the server, you can safely connect.

There are several approaches to confirming a fingerprint.

TOFU

TOFO stands for Trust on First Use. It is the most commonly used method for checking fingerprints. It means that you blindly accept the fingerprint offered the first time you connect. Then, you rely on your ssh/sftp program to warn you if the fingerprint ever changes (all ssh/sftp programs will provide you this warning).

This method assumes that your communications are not being tampered with the first time you connect, but may be tampered with later. It is reasonably secure, but does run a risk if your initial connection to a server is compromised.

Request Confirmation

If you want to be more sure that you are connecting to the right server, you can take the following steps:

  • Do not enter your web site's domain name as the server name. Only connect to the mayfirst domain name of the server, e.g. marx.mayfirst.org or june.mayfirst.org. Sometimes we move sites from one server to another. By using the real server name, you can more easily keep track of key changes.
  • Before connecting for the first time, open a ticket requesting the fingerprint of the server in question.

Use the Monkeysphere

If you are a Linux user, you can install the monkeysphere to use OpenPGP to verify the key fingerprints. All May First/People Link servers have been signed by an MF/PL administrator.